File Search Engine
  • Search
  • Syntax
  • Fields
  • API
  • 5.45.102.182 · virussign.com_20251102_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: d2e1c771adcf70615fd13274e073a8becde83633
    SHA256: 7067847d3fffbae11853f7953c0820ea23c9ac981fa9d6b41c366da181ab4175
    application/zip
    21.10MB
    2025-11-02 16:05:21 +0000 UTC

  • 5.45.102.182 · virussign.com_20251101_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: e79a02d74ef688714c3e68b5dd4d919ae368626b
    SHA256: d104b0f495242e9dcca6d3b2a4edfdb616b6597e9f6e693d2e271243c70cfd4c
    application/zip
    22.80MB
    2025-11-01 16:05:22 +0000 UTC

  • 5.45.102.182 · virussign.com_20251031_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 8bab5c6904bfca8d3685b74d9ff01a4271421c35
    SHA256: 95dd41e6d50bd80a824755090902c2b7ec8cf375ba9be2b54655435df0927ba9
    application/zip
    21.46MB
    2025-10-31 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20251030_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: 3294215e1e04406670c4bb9b87988cfffe54c6d3
    SHA256: a2f1b4eb85ed3a2e7bddb31e7c11dcb569f6416211bd26753e339b377de0d4e0
    application/zip
    12.01MB
    2025-10-30 16:05:17 +0000 UTC

  • 5.45.102.182 · virussign.com_20251029_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: f1626f6fdd88b1ace984cf7efe638452eb439c8c
    SHA256: 232a55cfa7974629407212841bb0336c8accb1d33d43fb90b9004604e2d1df54
    application/zip
    5.38MB
    2025-10-29 16:05:17 +0000 UTC

  • 5.45.102.182 · virussign.com_20251028_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_Themida From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 0e6050cc0bd7af3a193a4984ad865aeaa11fe68c
    SHA256: 27ca6e938ba179fd8931b05ad4113b4646ab085b325f3012e98f9b425093df58
    application/zip
    17.72MB
    2025-10-28 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251027_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 6577a305bbd95c793a597e18600b6cba2406fa6b
    SHA256: d3fe38ffd83912f4351f96bb1ff249f4cceb40bb7e5b06c6c9ba112045c37373
    application/zip
    14.68MB
    2025-10-27 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251026_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: 03f6bd6dab400850c823957e677c18f686ec63d5
    SHA256: 6548b29aa3efc39baa9404901eb7511827325120b9059550164fafbd1b61e3bc
    application/zip
    18.06MB
    2025-10-26 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251025_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: b0697856975d97bf56662d1b61591015e1d5ff89
    SHA256: c91376fe9ac588f023265dab9b06b6fdac222b1c30cdf9612d6b5f3cc64049c8
    application/zip
    15.55MB
    2025-10-25 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251024_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 66bb58f69824580cdfa36d0a332c12d15fba8e53
    SHA256: 137104d8a900be47fa91ec6a19b624374940e9904ea9e65066ad9ea5a3568e5e
    application/zip
    16.89MB
    2025-10-24 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251023_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: a879d61559c6d2e9ba678ac5e2ada84b1d2b1c61
    SHA256: da70913263649d6d313f65a7bdf9634444da0504d0b4cc0e0eefe38114d81967
    application/zip
    24.39MB
    2025-10-23 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20251021_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 250ad21f0384a2631c8a10571c69f61ce82a786a
    SHA256: 837d6996452422932a9df339fae12e3672167ed0c922612d7b1dbe2136976dff
    application/zip
    14.75MB
    2025-10-21 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251020_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 5aac463e2b17ed57f8358f80402c29f1e5f90fab
    SHA256: 3932956109225d4eab0e604be8c4721ea39184433a4047beafe4a6dc30963969
    application/zip
    9.56MB
    2025-10-20 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251019_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 855569b292f6b5c7b59af0c2a0c56d9e9e5a05e7
    SHA256: bb3bdca23fd1873d577f03632a17a8f901c43ad11c1478d7280ec75c8ae1dfbf
    application/zip
    34.90MB
    2025-10-19 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20251017_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 7d0036b88b0f962ca6cb03057f85e225935aff69
    SHA256: 370b2635ac2554265be3fa56f8a4b63fa1344f991f1bfecd0536799ef07f4f8f
    application/zip
    10.79MB
    2025-10-17 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20251021_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 250ad21f0384a2631c8a10571c69f61ce82a786a
    SHA256: 837d6996452422932a9df339fae12e3672167ed0c922612d7b1dbe2136976dff
    application/zip
    14.75MB
    2025-10-21 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251020_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 5aac463e2b17ed57f8358f80402c29f1e5f90fab
    SHA256: 3932956109225d4eab0e604be8c4721ea39184433a4047beafe4a6dc30963969
    application/zip
    9.56MB
    2025-10-20 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251019_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 855569b292f6b5c7b59af0c2a0c56d9e9e5a05e7
    SHA256: bb3bdca23fd1873d577f03632a17a8f901c43ad11c1478d7280ec75c8ae1dfbf
    application/zip
    34.90MB
    2025-10-19 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20251017_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 7d0036b88b0f962ca6cb03057f85e225935aff69
    SHA256: 370b2635ac2554265be3fa56f8a4b63fa1344f991f1bfecd0536799ef07f4f8f
    application/zip
    10.79MB
    2025-10-17 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20251007_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: 6bef964967fb8250bfb7156de71026e6d677eaee
    SHA256: b07dabe67fe85263bb7362878e55202b6c42987d4e8e3f5ed96b2fc29210dc5f
    application/zip
    13.88MB
    2025-10-07 16:05:20 +0000 UTC